import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;


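/**
 * Walk-through of the {@link PreparedStatement} API: a login lookup in which
 * both user-supplied values are bound to {@code ?} placeholders instead of
 * being concatenated into the SQL text.
 *
 * <p>The sample password {@code 'or'1'='1} is the classic input that turns a
 * string-concatenated login query into an always-true condition. Bound through
 * {@code setString}, it is treated as one string value and is only compared
 * with the {@code password} column.
 */
public class jdbc_preparedStsement {
    /**
     * Runs the login lookup against {@code tb_user} and prints whether a row matched.
     *
     * @param args unused
     * @throws Exception if the driver class cannot be loaded or any JDBC call fails
     */
    public static void main(String[] args) throws Exception {
        // 1. Register the driver.
        // NOTE(review): this is the legacy Connector/J class name (8.x uses
        // com.mysql.cj.jdbc.Driver), and JDBC 4 drivers register themselves,
        // so this call is likely unnecessary - confirm against the driver in use.
        Class.forName("com.mysql.jdbc.Driver");

        // 2. Connection settings.
        // NOTE(review): hard-coded root credentials with a weak password are
        // tolerable only in a throwaway demo. Real code should load them from
        // configuration or a secret store and connect with a least-privilege
        // account, not root.
        String url = "jdbc:mysql:///db1";
        String username = "root";
        String password = "123456";

        // 3. Simulated user input: a user name and an injection-style password.
        String name = "zhangsan";
        String pwd = "'or'1'='1";

        // The SQL text is a constant; user input never becomes part of it.
        // NOTE(review): comparing the password column directly with the
        // submitted value suggests plaintext storage - a real login should
        // fetch a salted password hash (bcrypt/scrypt/argon2) and verify it.
        String sql = "select *from tb_user where username = ? and password = ?";

        // try-with-resources closes the statement and connection even when an
        // exception is thrown part-way; the original closed them only on the
        // success path and never closed the ResultSet.
        try (Connection conn = DriverManager.getConnection(url, username, password);
             PreparedStatement stmt = conn.prepareStatement(sql)) {
            // Bind the placeholder values (parameter indexes are 1-based).
            stmt.setString(1, name);
            stmt.setString(2, pwd);

            // Execute the query; any returned row counts as a successful login.
            try (ResultSet rs = stmt.executeQuery()) {
                if (rs.next()) {
                    System.out.println("登录成功");
                } else {
                    System.out.println("登陆失败");
                }
            }
        }
    }

}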
